summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>1997-07-30 06:32:42 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1997-07-30 06:32:42 +0000
commit7ed1b7f7723a3536d9a9fdc71e9474fb5b2eb08f (patch)
treee740a789d198e7bc76567db25d7d9a47d0c71587
parente3e6c7f0b645aeb455db9e095b1b54338a7ac975 (diff)
Fix one possible oflow (not exploitable) and do a wee bit of KNF.
Much more remains to be done.
-rw-r--r--usr.bin/mail/cmd1.c10
-rw-r--r--usr.bin/mail/cmd3.c25
-rw-r--r--usr.bin/mail/collect.c40
-rw-r--r--usr.bin/mail/extern.h6
-rw-r--r--usr.bin/mail/lex.c26
-rw-r--r--usr.bin/mail/main.c18
-rw-r--r--usr.bin/mail/tty.c42
-rw-r--r--usr.bin/mail/v7.local.c17
8 files changed, 95 insertions, 89 deletions
diff --git a/usr.bin/mail/cmd1.c b/usr.bin/mail/cmd1.c
index 52553e92beb..a64f2617895 100644
--- a/usr.bin/mail/cmd1.c
+++ b/usr.bin/mail/cmd1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmd1.c,v 1.10 1997/07/24 17:27:09 millert Exp $ */
+/* $OpenBSD: cmd1.c,v 1.11 1997/07/30 06:32:38 millert Exp $ */
/* $NetBSD: cmd1.c,v 1.9 1997/07/09 05:29:48 mikel Exp $ */
/*-
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)cmd1.c 8.2 (Berkeley) 4/20/95";
#else
-static char rcsid[] = "$OpenBSD: cmd1.c,v 1.10 1997/07/24 17:27:09 millert Exp $";
+static char rcsid[] = "$OpenBSD: cmd1.c,v 1.11 1997/07/30 06:32:38 millert Exp $";
#endif
#endif /* not lint */
@@ -341,7 +341,7 @@ type1(msgvec, doign, page)
warn(cp);
obuf = stdout;
} else
- signal(SIGPIPE, brokpipe);
+ (void)signal(SIGPIPE, brokpipe);
}
}
for (ip = msgvec; *ip && ip - msgvec < msgCount; ip++) {
@@ -357,9 +357,9 @@ close_pipe:
/*
* Ignore SIGPIPE so it can't cause a duplicate close.
*/
- signal(SIGPIPE, SIG_IGN);
+ (void)signal(SIGPIPE, SIG_IGN);
(void)Pclose(obuf);
- signal(SIGPIPE, SIG_DFL);
+ (void)signal(SIGPIPE, SIG_DFL);
}
return(0);
}
diff --git a/usr.bin/mail/cmd3.c b/usr.bin/mail/cmd3.c
index 25f07184e11..accc7f4f56d 100644
--- a/usr.bin/mail/cmd3.c
+++ b/usr.bin/mail/cmd3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmd3.c,v 1.7 1997/07/14 00:24:25 millert Exp $ */
+/* $OpenBSD: cmd3.c,v 1.8 1997/07/30 06:32:38 millert Exp $ */
/* $NetBSD: cmd3.c,v 1.8 1997/07/09 05:29:49 mikel Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)cmd3.c 8.2 (Berkeley) 4/20/95";
#else
-static char rcsid[] = "$OpenBSD: cmd3.c,v 1.7 1997/07/14 00:24:25 millert Exp $";
+static char rcsid[] = "$OpenBSD: cmd3.c,v 1.8 1997/07/30 06:32:38 millert Exp $";
#endif
#endif /* not lint */
@@ -65,8 +65,9 @@ shell(v)
char *shell;
char cmd[BUFSIZ];
- (void)strcpy(cmd, str);
- if (bangexp(cmd) < 0)
+ (void)strncpy(cmd, str, sizeof(cmd) - 1);
+ cmd[sizeof(cmd) - 1] = '\0';
+ if (bangexp(cmd, sizeof(cmd)) < 0)
return(1);
if ((shell = value("SHELL")) == NULL)
shell = _PATH_CSHELL;
@@ -99,14 +100,13 @@ dosh(v)
* Expand the shell escape by expanding unescaped !'s into the
* last issued command where possible.
*/
-
-char lastbang[128];
-
int
-bangexp(str)
+bangexp(str, strsize)
char *str;
+ size_t strsize;
{
char bangbuf[BUFSIZ];
+ static char lastbang[BUFSIZ];
register char *cp, *cp2;
register int n;
int changed = 0;
@@ -141,11 +141,12 @@ overf:
}
*cp2 = 0;
if (changed) {
- printf("!%s\n", bangbuf);
- fflush(stdout);
+ (void)printf("!%s\n", bangbuf);
+ (void)fflush(stdout);
}
- strcpy(str, bangbuf);
- strncpy(lastbang, bangbuf, sizeof(lastbang) - 1);
+ (void)strncpy(str, bangbuf, strsize - 1);
+ str[strsize - 1] = '\0';
+ (void)strncpy(lastbang, bangbuf, sizeof(lastbang) - 1);
lastbang[sizeof(lastbang) - 1] = '\0';
return(0);
}
diff --git a/usr.bin/mail/collect.c b/usr.bin/mail/collect.c
index 987d3381169..6dcee7fdef1 100644
--- a/usr.bin/mail/collect.c
+++ b/usr.bin/mail/collect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: collect.c,v 1.12 1997/07/24 17:27:10 millert Exp $ */
+/* $OpenBSD: collect.c,v 1.13 1997/07/30 06:32:39 millert Exp $ */
/* $NetBSD: collect.c,v 1.9 1997/07/09 05:25:45 mikel Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)collect.c 8.2 (Berkeley) 4/19/94";
#else
-static char rcsid[] = "$OpenBSD: collect.c,v 1.12 1997/07/24 17:27:10 millert Exp $";
+static char rcsid[] = "$OpenBSD: collect.c,v 1.13 1997/07/30 06:32:39 millert Exp $";
#endif
#endif /* not lint */
@@ -106,9 +106,9 @@ collect(hp, printheaders)
sigaddset(&nset, SIGHUP);
sigprocmask(SIG_BLOCK, &nset, &oset);
if ((saveint = signal(SIGINT, SIG_IGN)) != SIG_IGN)
- signal(SIGINT, collint);
+ (void)signal(SIGINT, collint);
if ((savehup = signal(SIGHUP, SIG_IGN)) != SIG_IGN)
- signal(SIGHUP, collhup);
+ (void)signal(SIGHUP, collhup);
savetstp = signal(SIGTSTP, collstop);
savettou = signal(SIGTTOU, collstop);
savettin = signal(SIGTTIN, collstop);
@@ -417,16 +417,16 @@ out:
if (collf != NULL)
rewind(collf);
noreset--;
- sigemptyset(&nset);
- sigaddset(&nset, SIGINT);
- sigaddset(&nset, SIGHUP);
- sigprocmask(SIG_BLOCK, &nset, &oset);
- signal(SIGINT, saveint);
- signal(SIGHUP, savehup);
- signal(SIGTSTP, savetstp);
- signal(SIGTTOU, savettou);
- signal(SIGTTIN, savettin);
- sigprocmask(SIG_SETMASK, &oset, NULL);
+ (void)sigemptyset(&nset);
+ (void)sigaddset(&nset, SIGINT);
+ (void)sigaddset(&nset, SIGHUP);
+ (void)sigprocmask(SIG_BLOCK, &nset, &oset);
+ (void)signal(SIGINT, saveint);
+ (void)signal(SIGHUP, savehup);
+ (void)signal(SIGTSTP, savetstp);
+ (void)signal(SIGTTOU, savettou);
+ (void)signal(SIGTTIN, savettin);
+ (void)sigprocmask(SIG_SETMASK, &oset, NULL);
return(collf);
}
@@ -610,12 +610,12 @@ collstop(s)
sig_t old_action = signal(s, SIG_DFL);
sigset_t nset;
- sigemptyset(&nset);
- sigaddset(&nset, s);
- sigprocmask(SIG_UNBLOCK, &nset, NULL);
- kill(0, s);
- sigprocmask(SIG_BLOCK, &nset, NULL);
- signal(s, old_action);
+ (void)sigemptyset(&nset);
+ (void)sigaddset(&nset, s);
+ (void)sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ (void)kill(0, s);
+ (void)sigprocmask(SIG_BLOCK, &nset, NULL);
+ (void)signal(s, old_action);
if (colljmp_p) {
colljmp_p = 0;
hadintr = 0;
diff --git a/usr.bin/mail/extern.h b/usr.bin/mail/extern.h
index ea3246294c0..a1e5870fbd1 100644
--- a/usr.bin/mail/extern.h
+++ b/usr.bin/mail/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.9 1997/07/24 17:27:10 millert Exp $ */
+/* $OpenBSD: extern.h,v 1.10 1997/07/30 06:32:39 millert Exp $ */
/* $NetBSD: extern.h,v 1.7 1997/07/09 05:22:00 mikel Exp $ */
/*-
@@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)extern.h 8.2 (Berkeley) 4/20/95
- * $OpenBSD: extern.h,v 1.9 1997/07/24 17:27:10 millert Exp $
+ * $OpenBSD: extern.h,v 1.10 1997/07/30 06:32:39 millert Exp $
*/
struct name;
@@ -94,7 +94,7 @@ int anyof __P((char *, char *));
int append __P((struct message *, FILE *));
int argcount __P((char **));
void assign __P((char [], char []));
-int bangexp __P((char *));
+int bangexp __P((char *, size_t));
int blankline __P((char []));
void brokpipe __P((int));
int charcount __P((char *, int));
diff --git a/usr.bin/mail/lex.c b/usr.bin/mail/lex.c
index 342f4d2198a..1e59ce5e25b 100644
--- a/usr.bin/mail/lex.c
+++ b/usr.bin/mail/lex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lex.c,v 1.12 1997/07/24 17:27:11 millert Exp $ */
+/* $OpenBSD: lex.c,v 1.13 1997/07/30 06:32:40 millert Exp $ */
/* $NetBSD: lex.c,v 1.10 1997/05/17 19:55:13 pk Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)lex.c 8.2 (Berkeley) 4/20/95";
#else
-static char rcsid[] = "$OpenBSD: lex.c,v 1.12 1997/07/24 17:27:11 millert Exp $";
+static char rcsid[] = "$OpenBSD: lex.c,v 1.13 1997/07/30 06:32:40 millert Exp $";
#endif
#endif /* not lint */
@@ -220,12 +220,12 @@ commands()
if (!sourcing) {
if (signal(SIGINT, SIG_IGN) != SIG_IGN)
- signal(SIGINT, intr);
+ (void)signal(SIGINT, intr);
if (signal(SIGHUP, SIG_IGN) != SIG_IGN)
- signal(SIGHUP, hangup);
- signal(SIGTSTP, stop);
- signal(SIGTTOU, stop);
- signal(SIGTTIN, stop);
+ (void)signal(SIGHUP, hangup);
+ (void)signal(SIGTSTP, stop);
+ (void)signal(SIGTTOU, stop);
+ (void)signal(SIGTTIN, stop);
}
setexit();
for (;;) {
@@ -577,12 +577,12 @@ stop(s)
sig_t old_action = signal(s, SIG_DFL);
sigset_t nset;
- sigemptyset(&nset);
- sigaddset(&nset, s);
- sigprocmask(SIG_UNBLOCK, &nset, NULL);
- kill(0, s);
- sigprocmask(SIG_BLOCK, &nset, NULL);
- signal(s, old_action);
+ (void)sigemptyset(&nset);
+ (void)sigaddset(&nset, s);
+ (void)sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ (void)kill(0, s);
+ (void)sigprocmask(SIG_BLOCK, &nset, NULL);
+ (void)signal(s, old_action);
if (reset_on_stop) {
reset_on_stop = 0;
reset(0);
diff --git a/usr.bin/mail/main.c b/usr.bin/mail/main.c
index ab759c4a505..16c8565773d 100644
--- a/usr.bin/mail/main.c
+++ b/usr.bin/mail/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.8 1997/07/14 15:56:24 millert Exp $ */
+/* $OpenBSD: main.c,v 1.9 1997/07/30 06:32:40 millert Exp $ */
/* $NetBSD: main.c,v 1.7 1997/05/13 06:15:57 mikel Exp $ */
/*
@@ -44,7 +44,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)main.c 8.2 (Berkeley) 4/20/95";
#else
-static char rcsid[] = "$OpenBSD: main.c,v 1.8 1997/07/14 15:56:24 millert Exp $";
+static char rcsid[] = "$OpenBSD: main.c,v 1.9 1997/07/30 06:32:40 millert Exp $";
#endif
#endif /* not lint */
@@ -237,18 +237,18 @@ Usage: %s [-iInv] [-s subject] [-c cc-addr] [-b bcc-addr] to-addr ...\n\
extern char *version;
if ((prevint = signal(SIGINT, SIG_IGN)) != SIG_IGN)
- signal(SIGINT, hdrstop);
+ (void)signal(SIGINT, hdrstop);
if (value("quiet") == NULL)
- printf("Mail version %s. Type ? for help.\n",
+ (void)printf("Mail version %s. Type ? for help.\n",
version);
announce();
- fflush(stdout);
- signal(SIGINT, prevint);
+ (void)fflush(stdout);
+ (void)signal(SIGINT, prevint);
}
commands();
- signal(SIGHUP, SIG_IGN);
- signal(SIGINT, SIG_IGN);
- signal(SIGQUIT, SIG_IGN);
+ (void)signal(SIGHUP, SIG_IGN);
+ (void)signal(SIGINT, SIG_IGN);
+ (void)signal(SIGQUIT, SIG_IGN);
quit();
exit(0);
}
diff --git a/usr.bin/mail/tty.c b/usr.bin/mail/tty.c
index c22ac812282..ee803eddf58 100644
--- a/usr.bin/mail/tty.c
+++ b/usr.bin/mail/tty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tty.c,v 1.7 1997/07/22 18:54:45 millert Exp $ */
+/* $OpenBSD: tty.c,v 1.8 1997/07/30 06:32:41 millert Exp $ */
/* $NetBSD: tty.c,v 1.7 1997/07/09 05:25:46 mikel Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)tty.c 8.2 (Berkeley) 4/20/95";
#else
-static char rcsid[] = "$OpenBSD: tty.c,v 1.7 1997/07/22 18:54:45 millert Exp $";
+static char rcsid[] = "$OpenBSD: tty.c,v 1.8 1997/07/30 06:32:41 millert Exp $";
#endif
#endif /* not lint */
@@ -106,9 +106,9 @@ grabh(hp, gflags)
ttybuf.c_cc[VERASE] = 0;
ttybuf.c_cc[VKILL] = 0;
if ((saveint = signal(SIGINT, SIG_IGN)) == SIG_DFL)
- signal(SIGINT, SIG_DFL);
+ (void)signal(SIGINT, SIG_DFL);
if ((savequit = signal(SIGQUIT, SIG_IGN)) == SIG_DFL)
- signal(SIGQUIT, SIG_DFL);
+ (void)signal(SIGQUIT, SIG_DFL);
#else
# ifdef TIOCEXT
extproc = ((ttybuf.c_lflag & EXTPROC) ? 1 : 0);
@@ -156,15 +156,15 @@ grabh(hp, gflags)
extract(readtty("Bcc: ", detract(hp->h_bcc, 0)), GBCC);
}
out:
- signal(SIGTSTP, savetstp);
- signal(SIGTTOU, savettou);
- signal(SIGTTIN, savettin);
+ (void)signal(SIGTSTP, savetstp);
+ (void)signal(SIGTTOU, savettou);
+ (void)signal(SIGTTIN, savettin);
#ifndef TIOCSTI
ttybuf.c_cc[VERASE] = c_erase;
ttybuf.c_cc[VKILL] = c_kill;
if (ttyset)
tcsetattr(fileno(stdin), TCSADRAIN, &ttybuf);
- signal(SIGQUIT, savequit);
+ (void)signal(SIGQUIT, savequit);
#else
# ifdef TIOCEXT
if (extproc) {
@@ -174,7 +174,7 @@ out:
}
# endif /* TIOCEXT */
#endif
- signal(SIGINT, saveint);
+ (void)signal(SIGINT, saveint);
return(errs);
}
@@ -231,9 +231,9 @@ readtty(pr, src)
cp2 = cp;
if (sigsetjmp(rewrite, 1))
goto redo;
- signal(SIGTSTP, ttystop);
- signal(SIGTTOU, ttystop);
- signal(SIGTTIN, ttystop);
+ (void)signal(SIGTSTP, ttystop);
+ (void)signal(SIGTTOU, ttystop);
+ (void)signal(SIGTTIN, ttystop);
clearerr(stdin);
while (cp2 < canonb + BUFSIZ) {
c = getc(stdin);
@@ -242,9 +242,9 @@ readtty(pr, src)
*cp2++ = c;
}
*cp2 = 0;
- signal(SIGTSTP, SIG_DFL);
- signal(SIGTTOU, SIG_DFL);
- signal(SIGTTIN, SIG_DFL);
+ (void)signal(SIGTSTP, SIG_DFL);
+ (void)signal(SIGTTOU, SIG_DFL);
+ (void)signal(SIGTTIN, SIG_DFL);
if (c == EOF && ferror(stdin)) {
redo:
cp = strlen(canonb) > 0 ? canonb : NULL;
@@ -298,12 +298,12 @@ ttystop(s)
sig_t old_action = signal(s, SIG_DFL);
sigset_t nset;
- sigemptyset(&nset);
- sigaddset(&nset, s);
- sigprocmask(SIG_UNBLOCK, &nset, NULL);
- kill(0, s);
- sigprocmask(SIG_BLOCK, &nset, NULL);
- signal(s, old_action);
+ (void)sigemptyset(&nset);
+ (void)sigaddset(&nset, s);
+ (void)sigprocmask(SIG_UNBLOCK, &nset, NULL);
+ (void)kill(0, s);
+ (void)sigprocmask(SIG_BLOCK, &nset, NULL);
+ (void)signal(s, old_action);
siglongjmp(rewrite, 1);
}
diff --git a/usr.bin/mail/v7.local.c b/usr.bin/mail/v7.local.c
index 81d11700006..05f32a040d7 100644
--- a/usr.bin/mail/v7.local.c
+++ b/usr.bin/mail/v7.local.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v7.local.c,v 1.8 1997/07/14 00:24:31 millert Exp $ */
+/* $OpenBSD: v7.local.c,v 1.9 1997/07/30 06:32:41 millert Exp $ */
/* $NetBSD: v7.local.c,v 1.8 1997/05/13 06:15:58 mikel Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)v7.local.c 8.1 (Berkeley) 6/6/93";
#else
-static char rcsid[] = "$OpenBSD: v7.local.c,v 1.8 1997/07/14 00:24:31 millert Exp $";
+static char rcsid[] = "$OpenBSD: v7.local.c,v 1.9 1997/07/30 06:32:41 millert Exp $";
#endif
#endif /* not lint */
@@ -65,13 +65,18 @@ findmail(user, buf, buflen)
int buflen;
{
char *mbox;
+ struct stat sb;
- if (!(mbox = getenv("MAIL")))
- (void)snprintf(buf, buflen, "%s/%s", _PATH_MAILDIR, user);
- else {
+ /* Ignore $MAIL if it is not owned by the invoking user */
+ if ((mbox = getenv("MAIL")) && stat(mbox, &sb) == 0 &&
+ sb.st_uid != getuid() && sb.st_uid != geteuid())
+ mbox = NULL;
+
+ if (mbox) {
(void)strncpy(buf, mbox, buflen - 1);
buf[buflen - 1] = '\0';
- }
+ } else
+ (void)snprintf(buf, buflen, "%s/%s", _PATH_MAILDIR, user);
}
/*